Anyrun

Threat monitoring is treated as one capability among many. Something that sits alongside incident response and threat hunting on an org chart. That framing undersells how central it actually is.  Monitoring is the connective tissue of the entire security operation. Every other SOC function depends on it working well.  For SOC and MSSP leaders, building effective threat monitoring is not about “more alerts.” It […]

The post Turn Your SOC Into a Detection Engine: Rethinking Threat Monitoring appeared first on ANY.RUN's Cybersecurity Blog.

Security professionals rely on early detection signals to prioritize and contain incidents. But what happens when a fully capable RAT generates none?  In a recent investigation, the ANY.RUN experts uncovered a new Go-based remote access trojan we named Moonrise. At the time of analysis, it wasn’t detected on VirusTotal and had no vendor signatures tied to it.  That’s the problem teams can’t ignore: credential theft, remote command execution, and persistence […]

The post Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences appeared first on ANY.RUN's Cybersecurity Blog.

G2, the world’s largest and most trusted software marketplace, has recognized ANY.RUN among the Best Software Companies. The ranking is based on verified reviews from organizations actively using ANY.RUN’s solutions. It reflects the company’s strong international presence and measurable impact across global cybersecurity markets. Thank You to Our Community  Recognition on G2’s Top 50 Best […]

The post G2 Recognizes ANY.RUN Among the Top 50 Best Software Companies in the Region appeared first on ANY.RUN's Cybersecurity Blog.

Every security alert represents a decision point. Act too slowly, and a threat becomes a breach. Act without context, and analysts drown in noise. At the center of both failure modes is a single, often underestimated process: alert enrichment.  Key Takeaways The Seconds That Define a Breach  Alert enrichment is the practice of layering contextual intelligence onto […]

The post One Process, Every Metric: How Better Alert Enrichment Transforms SOC Performance appeared first on ANY.RUN's Cybersecurity Blog.

Editor’s note: The current article is authored by Moises Cerqueira, malware researcher and threat hunter. You can find Moises on LinkedIn. Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users.  In this analysis, […]

The post LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis  appeared first on ANY.RUN's Cybersecurity Blog.

In enterprise SaaS, unclear security decisions carry real cost. False positives disrupt customers, while missed threats expose the business.  A Fortune 500 cloud provider addressed this risk by embedding ANY.RUN into SOC investigations, giving analysts the behavioral evidence needed to reduce escalations, improve triage confidence, and make proportionate response decisions at scale.  Company Context and Security Scope  The organization is a […]

The post Fortune 500 Tech Enterprise Speeds up Triage and Response with ANY.RUN’s Solutions appeared first on ANY.RUN's Cybersecurity Blog.

How long would it take your team to realize ransomware is already running?  The newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams have to detect and contain the attack.  Here’s what you should know about BQTLock and GREENBLOOD, and how your team can detect and contain them before […]

The post Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes  appeared first on ANY.RUN's Cybersecurity Blog.

Threat hunting is widely recognized as one of the most important capabilities of a mature SOC. It uncovers stealthy attackers early, reduces dwell time, and prevents security incidents from impacting the business. Yet, in practice, many organizations find that their threat hunting efforts don’t consistently deliver these outcomes.  Let’s take a look at how high-performing security teams make threat hunting more repeatable, measurable, and effective.  Why Threat Hunting Programs Often Fail Before They Start  […]

The post How to Build Threat Hunting that Defends Your Organization Against Real Attacks appeared first on ANY.RUN's Cybersecurity Blog.

The financial sector resembles a treasure vault under constant siege. Banks, insurers, and fintech firms are not just custodians of money. They are guardians of irreplaceable personal and corporate data, payment flows, transactional integrity, and trust itself.   When cybercriminals strike, the ripple effects cascade outward, threatening individual savings, corporate balance sheets, national infrastructures, and broader economic confidence.  The Biggest […]

The post How Threat Intelligence Helps Protect Financial Organizations from Business Risk appeared first on ANY.RUN's Cybersecurity Blog.

First month of the year, and we’re starting it off with updates that support faster decisions and more predictable SOC operations.  In January, we introduced a major workflow enhancement with the new ANY.RUN Sandbox integration with MISP, alongside expanded detection coverage across behavior signatures, YARA rules, and Suricata.  Let’s find out what this means for your team.  Product Updates  January brought another solid round of improvements […]

The post Release Notes: Workflow Improvements, MISP Integration & 2,000+ New Detections  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN observes a growing trend of phishing kit infrastructure being hosted on legitimate cloud and CDN platforms, rather than on newly registered domains. These campaigns often target enterprise users specifically, creating a global threat to businesses. The shift creates serious visibility challenges for security teams, as trusted platforms and valid indicators shield malicious activity from detection.  For a deeper dive, read on and see the breakdown of such cases, along with […]

The post Enterprise Phishing: How Attackers Abuse Trusted Microsoft & Google Platforms  appeared first on ANY.RUN's Cybersecurity Blog.

Running a SOC today means constant trade-offs: too many alerts, not enough people, strict SLAs, and attacks that keep getting smarter. Most leaders aren’t asking for “the next cool product” but a proof that something actually cuts time, risk, and workload in real environments like theirs.  Thousands of organizations already rely on ANY.RUN to reduce analyst load, resolve phishing cases faster, cut unnecessary […]

The post SOC & Business Success with ANY.RUN: Real-World Results & Cases  appeared first on ANY.RUN's Cybersecurity Blog.

Think you can trust every email that comes from a business partner?  Unfortunately, that’s no longer guaranteed; attackers now slip into legitimate threads and send messages that look fully authentic.   That’s exactly what happened in a new case uncovered by ANY.RUN researchers; a trust takeover inside a real executive discussion about a document awaiting final approval.   By detonating the suspicious message, the investigation exposed the […]

The post Attackers Are Taking Over Real Email Threads to Deliver Phishing: New Enterprise Risk appeared first on ANY.RUN's Cybersecurity Blog.

In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.”  Yet the same species becomes the strongest link once you step inside a SOC.  Cybersecurity professionals don’t fail because they are careless […]

The post Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence appeared first on ANY.RUN's Cybersecurity Blog.

Most SOC teams are overloaded with routine work. Tier 1 & 2 analysts spend too much time validating alerts, moving samples between tools, and chasing missing context. When integrations are weak, investigations slow down, MTTR grows, and SLAs suffer delays. That directly increases operational risk and cost for the business.   ANY.RUN has already helped teams close part of this […]

The post ANY.RUN Sandbox & MISP Integration: Confirm Alerts Faster, Stop Incidents Early  appeared first on ANY.RUN's Cybersecurity Blog.

A growing skepticism around JA3 is evident, and quite understandable as well. Public lists are rarely updated, and initiatives like JA3-fingerprints have been effectively frozen since 2021, creating the impression that this is a “yesterday’s technology.”  However, JA3 fingerprints have not disappeared. Sensors continue to collect them, they appear in reports and threat intelligence interfaces; it’s just that many teams treat them formally, as yet […]

The post From Forgotten Tool to Powerful Pivot: Using JA3 to Expose Attackers’ Infrastructure  appeared first on ANY.RUN's Cybersecurity Blog.

Summarizing the past year’s threat landscape based on activity observed in ANY.RUN’s Interactive Sandbox, this annual report provides insights into the most detected malware types, families, TTPs, and phishing threats of 2025.  For additional insights, view ANY.RUN’s quarterly malware trends reports.   Key Takeaways  Summary  In 2025, ANY.RUN experienced significant growth alongside a rise in malicious activity. The numbers reflect a substantial growth of deep investigations and the detections of evasive threats facilitated by Interactive Sandbox:  As investigation volume and behavioral visibility increase, 15K+ security teams gain earlier detection, richer […]

The post Malware Trends Report 2025: New Security Risks for Businesses in 2026 appeared first on ANY.RUN's Cybersecurity Blog.

Manufacturing companies have quietly become one of the most hunted species in the modern threat landscape. Not because they are careless, but because they are operationally critical, geographically distributed, and often rely on complex IT and OT environments that attackers love to probe.  Key Takeaways  The Threat Landscape: Manufacturing Under Siege  ANY.RUN‘s data, based on sandbox submissions […]

The post German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRAT Campaign  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN’s team conducted an extensive malware analysis of CastleLoader, the first link in the chain of attacks impacting various industries, including government agencies and critical infrastructures. It’s a unique walkthrough of its entire execution path, from a packaged installer to C2 server connection, as well as an overview of a parser developed to extract initialized […]

The post CastleLoader Analysis: A Deep Dive into Stealthy Loader Targeting Government Sector appeared first on ANY.RUN's Cybersecurity Blog.

SOAR platforms are excellent at moving work forward. They trigger playbooks, route incidents, and enforce consistent response steps. What they don’t do well on their own is confirm what’s actually SOAR helps teams move faster, but speed isn’t the real problem.  The real issue is figuring out what an alert actually means. A sandbox solves that by safely running the file or link […]

The post Integrating a Malware Sandbox into SOAR Workflows: Steps, Benefits, and Impact  appeared first on ANY.RUN's Cybersecurity Blog.